Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort High Memory Usage

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 31 May 2013 19:54:18 -0400
On 5/31/2013 19:27, Josh Bitto wrote:

I'm just doing a top on command line and looking at mem% for each snort pid
that comes up for the sensors.


i thought that was likely the case ;)

what are the numbers under the VIRT and RES columns?

can i assume that you are doing SHIFT-M in top to sort by most memory used?


We had Emerging threats and the original snort rules enabled. Took ET off and
that took the memory down some, but I don't want to sacrifice that if I can
help it.


one box i'm looking at with 2.9.4.1 and only the default VRT rules set with no 
rules commented out or added shows

    VIRT = 371m   RES = 119m

another box with 2.8.6.1 and only the ET set plus some (~15) local.rules with 
some of the ET rules disabled from default shows

    VIRT = 199m   RES = 175m




-----Original Message----- From: waldo kitty
[mailto:wkitty42 () windstream net] Sent: Friday, May 31, 2013 4:20 PM To:
snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort High
Memory Usage

On 5/31/2013 17:46, Josh Bitto wrote:

Currently I’m running 7 snort sensors on my pfsense firewall and each of
them is at 672 mb’s for using memory. Which seems really high. I believe I
read somewhere in documentation that the memory is usually around 200 mb’s.
Can anyone shed some light on this for me?


how many rules do you have enabled?

what tool are you using to view that memory consumption?

what column are those figures listed under in that tool?




-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: